Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Question:

Question: Teamviewer scam

Today my Dad and I fell for the infamous "Teamviewer scam." We were trying to fix our NETGEAR wireless extender, and instead of mywifiext.net, Dad tripped across mywifiextnet.com. Both of us let our computers get accessed for probably a half hour or so (his is a Windows, and mine is a Mac running Mavericks), and I just want to make sure I'm taking all steps necessary to get rid of anything that might have put on my computer.


I changed all financial-related passwords (Paypal, bank account, Amazon account, iTunes, etc.) and decided to just go whole-hog and do a 7-pass Erase on my whole system (I will also be calling my bank in the morning for a new debit card and to set up fraud alert, since my info has been accessed before, and I'll probably call to have a new credit card issued as well). I backed up a few personal files to Google Drive, but I was wondering if there was any way those files might be compromised or corrupted? I don't want to download them and have them put something into my computer.


Since my laptop is currently undergoing the Erase process, I can't check, but he ran something in Terminal. Has anyone else had this happen before? I'm not sure what he brought up, but he tried selling me on the "people are accessing your network through you clicking ads while online shopping" or something (which was about when the warning bells finally started going off; unfortunately, Dad wasn't quite so receptive to the idea of it being a scam, so we downloaded Teamviewer onto his computer as well). I'm assuming if some sort of a program was run on my laptop, the 7-pass Erase will eliminate it?


Basically, I've never run headfirst into a scam like this before, and I'm absolutely terrified. My Dad insisted he didn't give the guy any credit card information, and I think he was on the phone with the same person the entire time, but I'm worried they may have downloaded files off of my computer. Is there anything more I can do?


Also, is there anything I can tell my Dad to convince him to take some of the same steps? I don't know what he uses his laptop for, but he thinks he'll be fine just running anti-virus/anti-malware software, and I know some of those can go undetected by programs. Please help if you can!

Posted on Jul 12, 2014 11:35 PM

Reply
Question marked as Helpful

Jul 13, 2014 4:27 AM in response to Lea_S In response to Lea_S

This definitely sounds like a scam to me. These kinds of scams are a dime a dozen. Often, the scammers are just interested in getting you to pay them for services that they have scared you into paying for. Typically, they'll tell you that you have malware or are being hacked, and they can "fix" it if you pay for a service plan.


There's no way of knowing, of course, whether the remote access you gave them might have been abused to install malware. It's a possibility, and the chances of that happening are hard to guess. So you've taken the right steps by erasing the hard drive, though note that the 7-pass erase is completely unnecessary. A simple erase would have done just as well.


More important is how you get back up and running. You cannot simply restore everything from your backups, as that may restore any hacks or malicious software as well. You should reinstall all apps from scratch, and should restore only documents (no settings files, system files, apps, etc) from your backups.


Let your dad know that there is no anti-virus software on the planet that can protect him against malicious software installed by someone with remote (or physical) access to his computer. If malicious software was installed, it may not actually be malware - it could be legit software being used for malicious purposes, or could even be changes made to the system's configuration to open a backdoor. These things cannot be detected by anti-virus software. It may very well not be necessary, but to be safe, he should do the same - erase his hard drive and reinstall everything from scratch.

Jul 13, 2014 4:27 AM

There’s more to the conversation

Read all replies
Question marked as Helpful

Jul 13, 2014 4:27 AM in response to Lea_S In response to Lea_S

This definitely sounds like a scam to me. These kinds of scams are a dime a dozen. Often, the scammers are just interested in getting you to pay them for services that they have scared you into paying for. Typically, they'll tell you that you have malware or are being hacked, and they can "fix" it if you pay for a service plan.


There's no way of knowing, of course, whether the remote access you gave them might have been abused to install malware. It's a possibility, and the chances of that happening are hard to guess. So you've taken the right steps by erasing the hard drive, though note that the 7-pass erase is completely unnecessary. A simple erase would have done just as well.


More important is how you get back up and running. You cannot simply restore everything from your backups, as that may restore any hacks or malicious software as well. You should reinstall all apps from scratch, and should restore only documents (no settings files, system files, apps, etc) from your backups.


Let your dad know that there is no anti-virus software on the planet that can protect him against malicious software installed by someone with remote (or physical) access to his computer. If malicious software was installed, it may not actually be malware - it could be legit software being used for malicious purposes, or could even be changes made to the system's configuration to open a backdoor. These things cannot be detected by anti-virus software. It may very well not be necessary, but to be safe, he should do the same - erase his hard drive and reinstall everything from scratch.

Jul 13, 2014 4:27 AM

Reply Helpful (1)

Jul 13, 2014 4:48 AM in response to thomas_r. In response to thomas_r.

They definitely scared me into it! I've never seen the Error Viewer in Windows before. I was a bit suspicious when they ran a command in Terminal, and tried to sell me on "hundreds of hackers on your network!", but then they brought up Error Viewer on my Dad's and I was all set to pay them. Now, though, I'm more worried that someone somewhere downloaded and is rooting through all of my personal files. I can't believe I fell for this.


I read elsewhere that the 7-pass Erase was excessive, but I guess I felt the need to be "Most Secure" rather than "Fastest"!


I don't have any Time Machine backups, or any backups saved to any other external hard drive. I only saved a few hundred Word files to Google Drive. Because those are documents, and not setting files, system files, or apps, should they be safe to redownload once the erase is complete?


I'll let him know that. I double-checked on his computer that Teamviewer was uninstalled and shut it off, but since I believe he uses it primarily for business, I'll let him know just that and a virus scan isn't anywhere near enough.


Thank you!

Jul 13, 2014 4:48 AM

Reply Helpful
Question marked as Solved

Jul 13, 2014 5:02 AM in response to Lea_S In response to Lea_S

Sounds more and more like a scam designed to scare you into paying them for "services" you don't need. Looking in Event Viewer on Windows or entering Terminal commands on the Mac are both classic signs of a scam. These things can be used to give scary-looking - but perfectly normal - results, and scammers use this to frighten people into believing what the scammers want them to believe.


See if the descriptions of these scams sound familiar:


http://blog.malwarebytes.org/fraud-scam/2013/10/tech-support-scams-coming-to-a-m ac-near-you/


http://blog.malwarebytes.org/tech-support-scams/


Regarding your documents copied to Google Drive, those are fine to copy back to the new system.

Jul 13, 2014 5:02 AM

Reply Helpful

Jul 13, 2014 5:13 AM in response to thomas_r. In response to thomas_r.

I have a (very) small file of such scam companies (after a friend paid one $200 for ''fixing her mac", Teamviewer was also the vehicle of choice). I found that the company had created a fixed login for themselves, so access to the Mac could be made without user assistance. She got her money back from the CC provider and (she kept good backups) I erased and restored the Mac. Then followed the 'change every password' routine.


Teamviewer suffers from its common use in these kinds of scam precisely because it is an excellent remote access app, it is a reputable company with a good product. Unfortunately some of the people who use it are not so reputable.

Jul 13, 2014 5:13 AM

Reply Helpful

Jul 13, 2014 5:17 AM in response to thomas_r. In response to thomas_r.

That makes me feel a little bit better. We found the mywifiextnet.com through a Yahoo ad (I tried reporting it, but unfortunately Yahoo's ad reporting page seems to be down). There was also netgearextendersetup.com. I've reported both of them on the Malwarbytes blog, as well as filing an FTC complaint and alerting Teamviewer.


Those descriptions do sound uncomfortably familiar, though we were foolish enough to contact them ourselves. I almost rather it had been a cold call; probably would've been easier to pick up on the scam.


Thank you so much for your help! I really appreciate it.

Jul 13, 2014 5:17 AM

Reply Helpful

Jul 13, 2014 5:26 AM in response to Lea_S In response to Lea_S

Team viewer allow the setting of a 'personal' password (separate from any login password) that allows a specific remote user to login without the cooperation or knowledge of the user of the computer. Very useful for maintenance or update work on a number of remote machines but clearly amenable to mis-use.


If you have correctly removed TeamViewer you need not be concerned about it.


If you want to be sure that Teamviewer is gone please download this utility (it is totally safe, please feel free to wait for others to comment) and run it. It will produce a system report that will identify what is running. No personal information is gathered.

Jul 13, 2014 5:26 AM

Reply Helpful

Jul 14, 2014 8:09 AM in response to Lea_S In response to Lea_S

Lea_S,


Please don't take this the wrong way, but your title is mis-leading. 😕

The Teamviewer software is not a scam. I think you mean that you were scammed by some "incorrectly searched" website that used TeamViewer to run/do something nefarious to your computers. FWIW, you should use Netgear.com support and not some other website. I just fixed three Windows users infections because they went to a VERY misleading link to windowsprinterdrvers.com instead of going to the manufacturers support site (e.g. hp.com, lexmark.com,...). I do realize that some printers are no longer supported with newer OS but still, if the manufacturer doesn't support it, just replace it or post here or other forum for advice.


Which brings me to: am I not the only one that sees these search engines do not monitor/filter ad or top links of bogus sites? Yahoo and Google especially seem to list ads first and then misleading linked hits next. No wonder people click and get scammed or infected. 😢


Teamviewer removal advice: Do Not use some other 3rd party removal (there are links and I'm not running some unknown party app or script)

On a mac, if you want teamviewer uninstalled, go to the Teamviewer folder and uninstall. Newer versions (Like 8, and now 9) of TeamViewer have an uninstaller inside it's Application folder. Go to your Applications folder, find the TeamViewer folder, open it, you should find the TeamViewer app itself, and also an uninstaller there. Run the uninstaller. Do not just trash the folder because it has services installed elsewhere.

Jul 14, 2014 8:09 AM

Reply Helpful

Apr 26, 2015 9:02 AM in response to Lea_S In response to Lea_S

Ok. If you have been scammed by this company like I was, here are some resources for you to prosecute them:


Domain name is registered to: Holger Felgner, Kuhnbergstr. 16, Goeppingen, Province: BW, Postal code 73037, Country: DE. Admin Phone: 49.7161606925. e-mail: hostmaster#teamviewer.com; US Corporate address is Teamviewer US LLC (Limited liability company) 3001 North Rocky Point Drive East, Suite 200, Tampa FL 33607. Contact in us 1-800-951-4573 for sales; 800-264-1437 for tech support. Fax #: 1-855-891-0177. There are some 0mail addresses on their website under contacts. Phone number from which scam against me originated was 323) 322-6719 (Los Angeles number) and speaker identified self as Michael Wilson. Second person I spoke with was identified as David Phillips (760-363-5750) (San Diego number) companies they use for fraudulent wire transfers were Bank of America and Western Union. Payees on charges were named Fernando Mancebo Ramirez and also Enrique Santiago, and payments were made through Western Union New York Address. Western union ignored notice that charges were fraudulent and cashed them anyway and pocked the service charges, all of which went through my checking account and caused my accounts to go into overdraft.


File legal complaints against them immediately if they try to scam you. Do not allow them to drop their remote bot on your computer. Check to make sure. It shows up in your programs box as a bot. If you find one, eject it immediately. If they access your credit cards or bank accounts, immediately report this to your bank credit card fraud department. Your bank may return the money to your account if this is a true fraud. Western Union refuses to refund anything. File a charge against all involved companies with the Federal Trade Commission. AARP also told me to report the fraud through www.ftc.gov, which will forward the complaint to the appropriate local, state and federal police forces. If you live in another country, check your local resources for reporting crime and do not hesitate to file a complaint against that agency. For US Customs and Boarder Protection issues re people impersonating customs agents, use www.cbp.gov. Also file with the Better Business Bureau at www.bbb.org. Canadian Anti-Fraud Center can be reached at www.antifraudcentre-centreantifraude.ca. Consider also filing a complaint with the Federal Internet Fraud Police website. And don't just go against the criminals, go against the Board of Directors of the wire transfer corporation if they keep the fees from these illegal transactions. If the charges are successfully prosecuted, the corporate CEO may go to jail. Don't let embarrassment at being scammed get in the way of prosecuting these people. The more you hesitate, the more people who get cheated by them. And if you are an elderly person, also file charges of Elder Abuse.


File a complaint against the website through the Domain Name registry, and if you have the necessary contact info, file a complaint also with the FCC for illegal use of the telephones. You want these charges to go to a Federal level because of the multiplicity of jurisdictions involved and to get the Federal agencies involved in the investigation and prosecution of these scammers.


Above all else, don't let the ******** get you down or get away with what they are doing. Make it expensive and give them the legal headaches from ****. Good luck.

Apr 26, 2015 9:02 AM

Reply Helpful (1)

Apr 26, 2015 10:20 AM in response to kathrynfromtaylors In response to kathrynfromtaylors

Well put kathryn - let me add one reporting system = US Dept. of Homeland Security, Computer Emergency Response Team (US-CERT)


https://www.us-cert.gov/forms/report

US-CERT Incident Reporting System


The US-CERT Incident Reporting System provides a secure web-enabled means of reporting computer security incidents to US-CERT. This system assists analysts in providing timely handling of your security incidents as well as the ability to conduct improved analysis. If you would like to report a computer security incident, please complete the following form. + More Detail


I agree that we should not fool around with embarrassment or merely solving our own personal issue. The more of these critters we get out of the barnyard the better.


ÇÇÇ

Apr 26, 2015 10:20 AM

Reply Helpful (1)

Apr 26, 2015 10:39 AM in response to kathrynfromtaylors In response to kathrynfromtaylors

PS: If the courts agree that Western Union is culpable for the fees they took, there is a possibility that the Corporate CEO could be doing some jail time. I am also charging them with elder abuse. This morning, I filed a complaint with the Florida Better Business Bureau, which is where their LLC is licensed. Be sure your demand includes a statement that should legal action be required you expect them to pay legal fees and interest at the legal rate of interest from the date of the transaction until it is paid. Some Civil Courts will not grant you those fees if you don't put them on notice. I would also indicate that you expect them to pay travel fees if you have to travel out of area. You probably won't get it, but if you don't ask, you definitely will not.

Apr 26, 2015 10:39 AM

Reply Helpful

Apr 26, 2015 11:31 AM in response to kathrynfromtaylors In response to kathrynfromtaylors

kathryn, you may be "tugging on Superman's cape" with the WU deal...


They have a Legal DEPARTMENT chock full of lawyers - getting paid to do nothing but fight you. They are used to fighting Class Actions and Drug Cartel charges...

https://www.google.com/?gws_rd=ssl#safe=off&q=western+union+lawsuits


Be sure and contract with your attorney on a contingency fee basis or you will likely be pouring your attorney's fees $ into your attorney's pocket only & maybe even seeing a countersuit. I would take a reputable attorney's advice on the matter.

Apr 26, 2015 11:31 AM

Reply Helpful

Apr 27, 2015 4:53 AM in response to ChitlinsCC In response to ChitlinsCC

While your point re litigation may be true in most cases, in this case it is not for several reasons.


firstly, no attorney with a brain in his head is going to sue someone who has no assets for the simple reason they know they will never recover even the amount of their legal fees. Threats to countersue are so much saber rattling to try to scare off the primary litigant.


Secondly, in this instance, if Western Union comes into court with unclean hands--in short, if they did something improper or illegal, that caused the original issue, they cannot prevail. The courts will not assist someone to recover damages that they themselves put into motion. It would be similar to a drug dealer suing his victim for not paying for their drugs. If the sale of drugs was illegal in the first place, the drug dealer will not recover the money from loss of income as a result of the sale.


The reason for filing the complaints that I filed was to mitigate any question of my not attempting to protect myself against further financial damages and attempting to regain that which was lost already. I will not personally need to sue them for the simple reason that the fraud division of my bank becomes the injured party once I filed the fraud complaint with them and they reimburse me. That makes them the ones to sue and their financial pockets are equally as deep as those of Western Union, if not deeper and they, too, have big important attorneys who will knock the snot out of Western Union's attorneys in litigation as they have already done so numerous times. They can now go and swat at each other.


Now to the actual charges I filed. My charges are not civil charges, they are criminal charges which are in the hands of law enforcement as to whether or not they will be pursued. There is no countersuit in a criminal case. You are either guilty or not guilty or whatever grey area you fall into when you plea bargain out. If the criminal investigation shows that either Western Union or Team Viewers committed a crime, the parties responsible will receive the appropriate legal punishment. The question is more of how high up the legal chain the charges will go rather than if they will. It will more than likely be federal charges because the company involved operates out of numerous different states and also in foreign countries as to both companies. If you check the Secretary of State as to corporate filings based upon Team Viewer's corporate standing, you will find that they are actually an LLC (Limited Liability Company) originally based in Delaware. Their current offices are listed as a foreign LLC in Florida because they did not file the original corporate filings in Florida. They possibly do not even have the proper legal authorities to be doing business in other states, which they have been doing by virtue of taking remote control over computers in other states, and that is another matter altogether. The CEO of either corporation could even be put into jail for the actions of his employees even though he did not directly commit the illegal action because the CEO has ultimate responsibility for the actions of his employees and agents.


My actions in which I demanded attorney fees, interest at the legal rate plus any travel fees necessary to travel to testify gives the bank the grounds to now incorporate those fees into their litigation because the offending parties have been placed on notice that they are going to be required to pay them. There is nothing further I need to do legally except respond to questions from the bank investigators and the police and possibly to testify should this come to court.

Apr 27, 2015 4:53 AM

Reply Helpful
User profile for user: Lea_S

Question: Teamviewer scam

Welcome to Apple Support Community
  • A forum where Apple customers help each other with their products. Learn more.
  • Sign up with your Apple ID to get started.